fast_submission_protection 0.1.0 → 0.1.1

data/CHANGELOG

@@ -1,3 +1,8 @@
+= 0.1.1
+  * Supply an error template which includes the delay
+  * Adds config.action_controller.allow_fast_submission_protection (off by default in test mode)
+  * Stabilise the API
+  
 = 0.1.0
   * Renamed to fast_submission_protection
   * Raise an error to handle fast submission

data/README.md

@@ -1,12 +1,10 @@
 # FastSubmissionProtection
 
-*This is experimental and the API is currently subject to sudden and massive change!*
-
 [![Build Status](https://secure.travis-ci.org/i2w/fast_submission_protection.png?branch=master)](http://travis-ci.org/i2w/timed_spam_rejection)
 
-ActionController plugin that facilitates rejecting spam based on how long the form submission took.
+ActionController engine that facilitates rejecting spam based on how long the form submission took.
 
-This plugin was developed by [Ian White](http://github.com/ianwhite) and [Nicholas Rutherford](http://github.com/nruth) while working at [Distinctive Doors](http://distinctivedoors.co.uk) who have kindly agreed to release this under the MIT-LICENSE.
+This was developed by [Ian White](http://github.com/ianwhite) and [Nicholas Rutherford](http://github.com/nruth) while working at [Distinctive Doors](http://distinctivedoors.co.uk) who have kindly agreed to release this under the MIT-LICENSE.
 
 ## Installation
 
@@ -16,15 +14,20 @@ In your Gemfile:
 
 ## Example Usage
 
+Specify `protect_from_fast_submission` to protect a create action from being submitted in less than 5 seconds.  The default protection is
+to render a HTTP 420 page (see Rescue below).
+
     class FeedbackController < ApplicationController
-      protect_from_fast_submission # default delay is 5 seconds, protects create from fast submission
+      protect_from_fast_submission 
     end
 
+You can change the delay, start and finish actions, and the rescue behaviour
+
     class CommentsController < ApplicationController
-      # protects a Comment#update from happening too quickly, and rescues with custom behaviour
       protect_from_fast_submission :delay => 10, :start => [:edit, :update], :finish => [:update], :rescue => false
       
-      rescue_from FastSubmissionProtection::SubmissionTooFastError, :with => lambda {|c| c.redirect_to :edit, :alert => 'Don't comment in anger!' }
+      rescue_from FastSubmissionProtection::SubmissionTooFastError,
+        :with => lambda {|c| c.redirect_to :edit, :alert => 'Don't comment in anger!' }
     end
     
 See `FastSubmissionProtection::Controller#protect_from_fast_submission` for more details.
@@ -43,14 +46,27 @@ You can start and finish the timed submission in different controllers, just set
     
 ## Instance methods
 
-You can start and finish at any point within a controller
+Or, for the most fine-grained control, you can start and finish at any point
+
+    # within a controller instance
+    self.submission_timer('abused_form').start
+    
+    # some point later, where controller is any controller instance
+    # will raise FastSubmissionProtection::SubmissionTooFastError if the above call was < 20 seconds ago
+    controller.submission_timer('abused_form', 20).finish
+    
+    
+## Configuration
 
-    start_timed_submission 'abused_form'
-    finish_timed_submission 'abused_form', 20 # raises FastSubmissionProtection::SubmissionTooFastError if the above line was < 20 seconds ago
+By default `fast_submission_protection` is off in `test` mode.  You can configure it in environment files as follows:
+  
+    config.action_controller.allow_fast_submission_protection = false
     
-Other methods, like reset timer, and clear timer are available on the timer object
+You can also configure it on a per controller basis:
 
-    submission_timer('abused_form') # => a FastSubmissionProtection::SubmissionTimer
+    class MyController < ApplicationController
+      self.allow_fast_submission_protection = true
+    end
 
 ## Rescue
 
@@ -59,7 +75,7 @@ This is included by default when you specify `protect_from_fast_submission`.
 
 The default error page resides in 'views/fast_submission_protection/error'.  Simply add this page to your views directory to use a custom page.
 
-Another option is to do something like put a message in the flash, and re-render the new page.  Simply rescue_from FastSubmissionProtection::SubmissionTimer.
+Another option is to do something like put a message in the flash, and re-render the new page.  Simply rescue_from FastSubmissionProtection::SubmissionTooFastError.
 
 ## Development
 

data/app/views/fast_submission_protection/{error.html → error.html.erb}

@@ -19,7 +19,7 @@
 <body>
   <div class="dialog">
     <h1>The request you made was too fast.</h1>
-    <p>Click your browser's back button to return to the previous page, wait 5 seconds, and try the request again.</p>
+    <p>Click your browser's back button to return to the previous page, wait <%= exception.delay %> seconds, and try the request again.</p>
     <p>This is an anti-spam measure.</p>
   </div>
 </body>

data/lib/fast_submission_protection/controller.rb

@@ -26,10 +26,10 @@ module FastSubmissionProtection
       #   before_filter FastSubmissionProtection::StartFilter.new('abused_form_post'), :only => [:new]
       #   
       #   # At the instance level, wherever you want, perhaps in an action
-      #   start_timed_submission('often_abused_form_post') # to start
+      #   submission_timer('often_abused_form_post').start # to start
       #   
       #   # later, somewhere else
-      #   finish_timed_submission('often_abused_form_post') # to finsih, raises SubmissionTooFastError if too fast
+      #   submission_timer('often_abused_form_post').finish # to finsih, raises SubmissionTooFastError if too fast
       def protect_from_fast_submission options = {}
         delay  = options[:delay]
         start  = options[:start] || [:new, :create]
@@ -44,35 +44,24 @@ module FastSubmissionProtection
     end
     
     included do
-      hide_action :start_timed_submission, :finish_timed_submission
-    end
-    
-    def start_timed_submission name
-      submission_timer(name).start
-    end
-    
-    def finish_timed_submission name, delay = nil
-      if protect_from_fast_submission?
-        timer = submission_timer(name, delay)
-        if timer.too_fast?
-          logger.warn "WARNING: timed submission too fast" if logger
-          timer.restart
-          raise SubmissionTooFastError.new(name, delay)
-        else
-          timer.clear
-        end
+      hide_action :submission_timer, :protect_from_fast_submission?
+
+      # Controls whether fast submission protection is turned on or not. Turned off by default only in test mode.
+      config_accessor :allow_fast_submission_protection
+      if allow_fast_submission_protection.nil?
+        self.allow_fast_submission_protection = (Rails.env != 'test')
       end
     end
     
-  protected
     def submission_timer name, delay = nil
       SubmissionTimer.new timed_submission_storage, name, delay
     end
 
     def protect_from_fast_submission?
-      request.post? || request.put?
+      allow_fast_submission_protection && (request.post? || request.put?)
     end
     
+  protected
     def timed_submission_storage
       session[:_fsp] ||= {}
     end
@@ -80,22 +69,16 @@ module FastSubmissionProtection
   
   class StartFilter < Struct.new(:name)
     def filter controller
-      controller.start_timed_submission name
+      controller.submission_timer(name).start
     end
   end
   
   class FinishFilter < Struct.new(:name, :delay)
     def filter controller
-      controller.finish_timed_submission name, delay
-    end
-  end
-  
-  class FastSubmissionProtection::SubmissionTooFastError < RuntimeError
-    def initialize name, delay
-      @name, @delay = name, delay
+      if controller.protect_from_fast_submission?
+        controller.submission_timer(name, delay).finish
+      end
     end
-    
-    attr_reader :name, :delay
   end
 
   module Rescue
@@ -106,8 +89,8 @@ module FastSubmissionProtection
     end
 
   protected
-    def render_fast_submission_protection_error
-      render :template => 'fast_submission_protection/error', :layout => false, :status => 420
+    def render_fast_submission_protection_error exception
+      render :template => 'fast_submission_protection/error', :locals => {:exception => exception}, :layout => false, :status => 420
     end
   end
 end

data/lib/fast_submission_protection/submission_timer.rb

@@ -1,4 +1,11 @@
 module FastSubmissionProtection
+  class SubmissionTooFastError < RuntimeError
+    attr_reader :name, :delay
+    def initialize name, delay
+      @name, @delay = name, delay
+    end
+  end
+  
   class SubmissionTimer
     class_attribute :delay, :clock
     self.delay = 5
@@ -9,22 +16,28 @@ module FastSubmissionProtection
       @delay = delay || self.class.delay
       @clock = clock || self.class.clock
     end
-    
-    def too_fast?
-      started = @storage[@key]
-      !started || (started + @delay > @clock.now)
-    end
       
     def start
       @storage[@key] ||= @clock.now
     end
     
     def restart
-      @storage[@key] = @clock.now
+      clear
+      start
     end
     
     def clear
       @storage.delete @key
     end
+    
+    def finish
+      started = @storage[@key]
+      if (started && (started + @delay <= @clock.now))
+        clear
+      else
+        restart
+        raise SubmissionTooFastError.new(@key, @delay)
+      end
+    end
   end
 end

data/lib/fast_submission_protection/version.rb

@@ -1,3 +1,3 @@
 module FastSubmissionProtection
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

data/spec/controllers/{controller_spec.rb → integration_spec.rb}

@@ -1,18 +1,10 @@
 require 'spec_helper'
 
-module FastSubmissionProtection
-  class Application < Rails::Application
-    config.i18n.default_locale = :en
-  end
-end
-
-class ApplicationController < ActionController::Base
-  include Rails.application.routes.url_helpers
-end
-
 describe 'A controller with protect_from_fast_submission' do
   controller do
-    protect_from_fast_submission :name => 'test', :rescue => false
+    self.allow_fast_submission_protection = true # test mode turns this off be default
+    
+    protect_from_fast_submission :name => 'a_submission'
     
     def new
       render_new
@@ -60,16 +52,20 @@ describe 'A controller with protect_from_fast_submission' do
     end
     
     shared_examples_for 'a spammy form posting' do
-      it do expect{ subject }.to raise_error FastSubmissionProtection::SubmissionTooFastError end
+      it 'should render the fast_submission_protection error page' do
+        subject
+        controller.should render_template('fast_submission_protection/error')
+      end
       
-      it 'should not execute create' do
-        controller.should_not_receive(:created)
+      it 'should not have created' do
+        controller.should_not_receive :created
+        subject
       end
     end
     
     shared_examples_for 'a non spammy form posting' do
-      it 'should execute :create' do
-        controller.should_receive(:created)
+      it 'should have created successfully' do
+        controller.should_receive :created
         subject
       end
     end

data/spec/fast_submission_protection/filters_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+describe FastSubmissionProtection::StartFilter do
+  describe '.new <submission_name>' do
+    subject { described_class.new('name') }
+    
+    it "is equal to another StartFilter with the same name (for filter chain manipulation purposes)" do
+      subject.should_not == described_class.new('foo')
+      subject.should == described_class.new('name')
+    end
+    
+    it '#filter <controller> starts a submission_timer for <name>' do
+      controller, timer = double, double
+
+      controller.should_receive(:submission_timer).with('name').and_return(timer)
+      timer.should_receive(:start)
+      subject.filter controller
+    end
+  end
+end
+
+describe FastSubmissionProtection::FinishFilter do
+  describe '.new <submission_name>, <delay>' do
+    subject { filter }
+    
+    let(:filter) { described_class.new('name', 20) }
+    
+    it "is equal to another FinishFilter with the same name and delay (for filter chain manipulation purposes)" do
+      subject.should_not == described_class.new('foo', 20)
+      subject.should_not == described_class.new('name', 15)
+      subject.should == described_class.new('name', 20)
+    end
+    
+    describe '#filter <controller>' do
+      subject { filter.filter controller }
+      
+      context 'when controller doesn\'t protect_from_fast_submission' do
+        let(:controller) { double :protect_from_fast_submission? => false }
+        
+        it 'doesn\'t do anything' do
+          subject
+        end
+      end
+      
+      context 'when controller protect_from_fast_submission?' do
+        let(:controller) { double :protect_from_fast_submission? => true }
+        
+        it 'finishes a submission_timer for <name>, <delay>' do
+          controller.should_receive(:submission_timer).with('name', 20).and_return(timer = double)
+          timer.should_receive(:finish)
+          subject
+        end
+      end
+    end
+  end
+end

data/spec/fast_submission_protection/submission_timer_spec.rb

@@ -0,0 +1,108 @@
+require 'spec_helper'
+
+describe FastSubmissionProtection::SubmissionTimer do
+  describe '.new <storage>, <key>, <delay>, <clock>' do
+    subject { timer }
+    
+    let(:timer)   { FastSubmissionProtection::SubmissionTimer.new storage, key, delay, clock }
+    let(:storage) { Hash.new }
+    let(:key)     { 'the_key' }
+    let(:delay)   { 10 }
+    let(:clock)   { double :now => now }
+    let(:now)     { Time.now }
+    
+    describe '#start' do
+      subject { timer.start }
+      
+      it 'starts the timer (stores the clock\'s current time (#now) for the key)' do
+        subject
+        storage[key].should == now
+      end
+      
+      context 'when the timer is started' do
+        before { timer.start }
+        
+        it "doesn\'t do anything (it doesn't store a later time)" do
+          earlier = now
+          clock.stub(:now).and_return now + 1.hour
+          subject
+          storage[key].should == earlier
+        end
+      end
+    end
+    
+    describe '#clear' do
+      it 'clears the timer (clears any time stored for the key)' do
+        timer.start
+        timer.clear
+        storage.should_not have_key(key)
+      end
+    end
+    
+    describe '#restart' do
+      it 'clears and starts the timer (clears any storage and stores the clock\'s current time for the key)' do
+        timer.start
+        clock.stub(:now).and_return(later = now + 1.hour)
+        timer.restart
+        storage[key].should == later
+      end
+    end
+    
+    describe '#finish' do
+      subject { timer.finish }
+      
+      context 'when the timer isn\'t started' do
+        it { expect{ subject }.to raise_error(FastSubmissionProtection::SubmissionTooFastError) }
+        
+        it 'should start the timer' do
+          subject rescue nil
+          storage[key].should == now
+        end
+      end
+      
+      context 'when the timer is started' do
+        before { timer.start }
+
+        context 'and not enough time has passed' do
+          before { clock.stub(:now).and_return now + delay - 1}
+
+          it { expect{ subject }.to raise_error(FastSubmissionProtection::SubmissionTooFastError) }
+
+          it 'should restart the timer' do
+            subject rescue nil
+            storage[key].should == now + delay - 1
+          end
+        end
+        
+        context 'and enough time has passed' do
+          before { clock.stub(:now).and_return now + delay }
+          
+          it { expect{ subject }.to_not raise_error }
+          
+          it 'should clear the storage' do
+            subject
+            storage.should_not have_key(key)
+          end
+        end
+      end
+    end
+    
+    context 'when <delay> is nil (default)' do
+      let(:delay) { nil }
+      
+      it 'uses the class self.delay' do
+        FastSubmissionProtection::SubmissionTimer.should_receive(:delay)
+        subject
+      end
+    end
+    
+    context 'when <clock> is nil (default)' do
+      let(:clock) { nil }
+      
+      it 'uses the class self.clock' do
+        FastSubmissionProtection::SubmissionTimer.should_receive(:clock)
+        subject
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -5,6 +5,26 @@ if ENV['SIMPLECOV']
   end
 end
 
+ENV['RAILS_ENV'] = 'test'
+
 require 'rails/all'
+require 'rspec'
 require 'rspec/rails'
-require 'fast_submission_protection'
+require_relative '../lib/fast_submission_protection'
+
+class Rails::Application::Configuration
+  def database_configuration
+    {'test' => {'adapter' => 'sqlite3', 'database' => ":memory:"}}
+  end
+end
+
+module FastSubmissionProtection
+  class Application < Rails::Application
+    config.active_support.deprecation = :stderr
+  end
+end
+
+class ApplicationController < ActionController::Base
+end
+
+FastSubmissionProtection::Application.initialize!

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fast_submission_protection
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-03 00:00:00.000000000 Z
+date: 2012-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70112464848300 !ruby/object:Gem::Requirement
+  requirement: &70119054331820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: '3'
   type: :runtime
   prerelease: false
-  version_requirements: *70112464848300
+  version_requirements: *70119054331820
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &70112464847440 !ruby/object:Gem::Requirement
+  requirement: &70119054331160 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,16 +33,27 @@ dependencies:
         version: '2'
   type: :development
   prerelease: false
-  version_requirements: *70112464847440
+  version_requirements: *70119054331160
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: &70119054330560 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70119054330560
 description: Reject form submissions based on the time taken to submit them. Version
-  0.1.0
+  0.1.1
 email:
 - ian@i2wdev.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- app/views/fast_submission_protection/error.html
+- app/views/fast_submission_protection/error.html.erb
 - lib/fast_submission_protection/controller.rb
 - lib/fast_submission_protection/engine.rb
 - lib/fast_submission_protection/submission_timer.rb
@@ -52,7 +63,9 @@ files:
 - Rakefile
 - README.md
 - CHANGELOG
-- spec/controllers/controller_spec.rb
+- spec/controllers/integration_spec.rb
+- spec/fast_submission_protection/filters_spec.rb
+- spec/fast_submission_protection/submission_timer_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/i2w/timed_spam_rejection
 licenses: []
@@ -68,7 +81,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3131108100916053125
+      hash: -2459182796522294369
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -77,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3131108100916053125
+      hash: -2459182796522294369
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.10
@@ -85,5 +98,7 @@ signing_key:
 specification_version: 3
 summary: Reject form submissions based on the time taken to submit them
 test_files:
-- spec/controllers/controller_spec.rb
+- spec/controllers/integration_spec.rb
+- spec/fast_submission_protection/filters_spec.rb
+- spec/fast_submission_protection/submission_timer_spec.rb
 - spec/spec_helper.rb